Show HN: Tharos – CLI to find and autofix security bugs using local LLMs (github.com)

🤖 AI Summary
Tharos is a command-line tool that installs as a git commit hook and scans staged code for security bugs, using local large language models (LLMs) so that source never leaves the developer's machine. It combines a fast abstract syntax tree (AST) pass with LLM-based semantic analysis, and acts as a gate: findings such as SQL injection and leaked secrets are surfaced before the commit lands rather than after. Supported languages are TypeScript, JavaScript, Go, and Python. The hook is interactive, so a developer can review each finding, accept a suggested fix, or dismiss it without leaving the commit workflow.

Policy is expressed as code: rule sets such as OWASP, SOC2, and GDPR are loaded from YAML files that teams can customise. Other features listed by the project are risk scoring of findings, self-healing git hooks (the hook reinstalls itself if removed), and AI-generated fix suggestions. The project is open source, and because analysis runs locally it avoids sending proprietary code to a hosted API. As with any scanner, the AST pass only catches the syntactic patterns it knows, and the quality of the semantic findings depends on the local model chosen, so results still need human review.
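To make the "fast AST analysis" part of that pipeline concrete, here is an added example of the kind of syntactic check a pre-commit gate can run for SQL injection in Python. It is not Tharos's code and makes no claim about how Tharos implements its rules; the sink names, the risk scores, and the sample source it scans are all constructed for illustration. It flags a query argument that is built dynamically (f-string, concatenation, `%`-formatting, `str.format`) and passed to a call that looks like a database execute sink, while leaving a literal query with bound parameters alone.

```python
"""Minimal AST-based SQL injection check for a commit gate.

Added example, not project code. Sinks, scores and SAMPLE are assumptions.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Hypothetical sink list: method names that take a SQL string as first argument.
SQL_SINKS = {"execute", "executemany", "executescript", "raw"}
SQL_KEYWORDS = ("select", "insert", "update", "delete", "drop", "alter")


@dataclass
class Finding:
    line: int
    sink: str
    reason: str
    score: int  # hypothetical risk weight used to decide whether to block


def _looks_like_sql(node: ast.AST) -> bool:
    """True if any string literal inside the expression starts with a SQL verb."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            if sub.value.lstrip().lower().startswith(SQL_KEYWORDS):
                return True
    return False


def _dynamic_reason(node: ast.AST) -> str | None:
    """Describe how the query string is built at runtime, or None for a plain literal."""
    if isinstance(node, ast.JoinedStr):  # f"SELECT ... {uid}"
        if any(isinstance(v, ast.FormattedValue) for v in node.values):
            return "f-string interpolation"
    if isinstance(node, ast.BinOp):
        if isinstance(node.op, ast.Add):  # "SELECT ..." + uid
            return "string concatenation"
        if isinstance(node.op, ast.Mod):  # "SELECT ... %s" % uid
            return "%-formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):  # "SELECT ... {}".format(uid)
        return "str.format()"
    return None


def scan_source(source: str) -> list[Finding]:
    """Walk every call; report sinks whose first argument is a dynamically built SQL string."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in SQL_SINKS:
            continue
        query = node.args[0]
        reason = _dynamic_reason(query)
        if reason and _looks_like_sql(query):
            findings.append(Finding(node.lineno, name, reason, score=10))
    return findings


def risk_score(findings: list[Finding]) -> int:
    return sum(f.score for f in findings)


def should_block(source: str, threshold: int = 10) -> bool:
    """What a commit hook would use to decide its exit status."""
    return risk_score(scan_source(source)) >= threshold


# Constructed sample input: four unsafe query constructions and one parameterised query.
SAMPLE = '''
import sqlite3
def get_user(conn, uid):
    cur = conn.cursor()
    cur.execute(f"SELECT * FROM users WHERE id = {uid}")
    cur.execute("SELECT * FROM users WHERE id = " + uid)
    cur.execute("SELECT * FROM users WHERE id = %s" % uid)
    cur.execute("SELECT * FROM users WHERE id = {}".format(uid))
    cur.execute("SELECT * FROM users WHERE id = ?", (uid,))
    return cur.fetchall()
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.sink}() called with {f.reason}")
    raise SystemExit(1 if should_block(SAMPLE) else 0)
```

The check is deliberately narrow: it only recognises a query string assembled at the call site. Data that flows through a variable, a helper function, or another module is invisible to it, which is exactly the gap a semantic pass (whether an LLM or a taint-tracking engine) is meant to cover, and why a gate should pair the two rather than trust either alone.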